lokie538 Posted December 23, 2008 Share Posted December 23, 2008 Hi, Im trying to impliment this mysql_real_escape_string into my code :/ not hard I thought, but some some reason it just wont work? Probably something simple im doing? This is the important bits of the code! <?php // connect to the database $cxn = mysqli_connect($host,$user,$passwd,$dbname) or die ( "Location: error.html" ); $picid = $_POST['picid']; $comment = $_POST['comment']; $name = mysql_real_escape_string($_POST['name']); //// this bit is not working?? Doesnt store anything in the database? works if i get rid of mysql_real_escape_string( $email = mysql_real_escape_string($_POST['email']); echo $picid; echo $comment; $comment = nl2br($comment); echo $_POST['comment']; echo "<br>"; echo $comment; $dt2 = date('Y-m-d H:i:s'); echo $dt2; $query = "INSERT INTO `1300blablabla`.`piccomments` ( `picid` , `comment` , `name` , `email` , `date` ) VALUES ( '" . $picid . "', '" . $comment . "', '" . $name . "', '" . $email . "', '" . $dt2 . "' )"; $result = mysqli_query($cxn,$query) or die ("Couldnt execute queryLOLHEAPS FUCKING CUT."); mysql_error(); echo $comment; $stat = "sucess"; header ( "Location: gallery.php?stat=". $stat . "&picid=" . $picid . "" ); ?> Quote Link to comment Share on other sites More sharing options...
premiso Posted December 23, 2008 Share Posted December 23, 2008 mysqli_real_escape_string You need to use the mysqli version not mysql since you are using mysqli... Quote Link to comment Share on other sites More sharing options...
lokie538 Posted December 23, 2008 Author Share Posted December 23, 2008 lol I always overlook the small things Thanks mate! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.